Introduction
Recent supply chain attacks—like those targeting Trivy and Checkmarx KICS in 2026—have demonstrated how stolen publisher credentials can be used to push malicious Docker images through legitimate workflows. In both cases, Docker’s infrastructure remained intact, but anyone who pulled compromised tags briefly exposed their environment to exfiltration. This guide walks you through detecting, containing, and preventing such incidents. Whether you’re a security engineer, DevOps lead, or CI/CD manager, following these steps will help you harden your pipeline and respond effectively.
What You Need
- Access to Docker Hub (or the registry your images came from)
- CI/CD logs showing pull history and tag usage
- Credential management system (e.g., HashiCorp Vault, AWS Secrets Manager)
- Image scanning tools (like Trivy, KICS, or Docker Scout)
- List of affected digests (provided in the incident disclosure)
- Access to local caches and pull-through registries (Nexus, Artifactory, etc.)
Step-by-Step Response
-
Step 1: Identify Exposure
Check your Docker pull history for any of the known malicious digests. For the KICS incident, the compromised tags included
Jump to Tips for confirming exposure.latest,v2.1.20,v2.1.20-debian,alpine,debian,v2.1.21, andv2.1.21-debian. Review your CI logs and image manifests for these specific hashes. Usedocker images --digeststo list local digests and compare them against the published list. -
Step 2: Rotate Any Credentials That May Have Been Exposed
If your CI system ran KICS (or a similar scanner) against repositories containing secrets, credentials, cloud resource names, or internal topology during the exposure window, assume those credentials are compromised. Rotate API keys, database passwords, and access tokens immediately. Use your credential manager to force re-issue. For services integrated with KICS output, audit all recent access logs for unusual activity.
-
Step 3: Re-Pull Images by Digest, Not by Tag
Tags are mutable and can be overwritten. To ensure you’re pulling a verified image, always reference the image by its digest (SHA256). For example:
docker pull checkmarx/kics@sha256:2588a44890263a8185bd5d9fadb6bc9220b60245dbcbc4da35e1b62a6f8c230dUpdate your Docker Compose, Kubernetes manifests, and CI scripts to use digest references. This prevents a future tag overwrite from silently affecting you.
-
Step 4: Pin Your CI Pipelines to Verified Digests
After re-pulling by digest, pin each pipeline to that exact digest. In GitHub Actions, GitLab CI, or Jenkins, hardcode the digest in the image field. For example, in a GitHub Actions workflow:
jobs: scan: container: image: checkmarx/kics@sha256:2588a44890263a8185bd5d9fadb6bc9220b60245dbcbc4da35e1b62a6f8c230dTest the pipeline to confirm the correct image is used.
-
Step 5: Purge Malicious Digests from All Caches
Remove the compromised images from local Docker caches, CI runner environments, and any pull-through registries (e.g., Artifactory, Nexus, Amazon ECR pull-through cache). Use commands like:
docker rmi checkmarx/kics@sha256:2588a44890263a8185bd5d9fadb6bc9220b60245dbcbc4da35e1b62a6f8c230dFor private registries, delete the associated tags and clean up blob storage if possible.
-
Step 6: Implement Long-Term Preventive Measures
To avoid future supply chain compromises:
- Enable image signing and verification (e.g., Docker Content Trust or Notary). Always verify signatures before pulling.
- Use a registry proxy that allows only approved digests or signed images.
- Regularly scan your images for vulnerabilities and malicious content.
- Limit CI permissions – the least privilege principle applies to pipeline credentials.
- Monitor publisher credentials – enforce strong authentication (MFA) and rotate them frequently.
- Participate in open collaboration – share incident data with trusted communities to speed up detection.
Tips for an Effective Response
- Act fast, communicate openly. Swift disclosure helps others check their environments. Both Trivy and KICS incidents benefited from rapid, transparent updates.
- Double-check your pull history. Even if you don’t recall pulling the exact tag, your CI might have. Use Docker Hub’s audit logs if available.
- Treat every compromised tag as a full breach. Assume any environment variable or file the scanner accessed is now known to the attacker.
- Educate your team on the risks of mutable tags and the importance of digest pinning.
- Review your incident response plan to include supply chain attack scenarios.